Endor Labs recently announced it has closed a $93 million Series B funding round alongside the launch of its expanded security platform designed to address the challenges posed by AI-generated code. In particular, Endor Labs shared that the first capabilities of this platform would be AI Security Code Review and the Endor Labs MCP Server.

AI Security Code Review is an AI agent framework that can review pull requests for architectural changes that could impact an application's security status. Similarly, Endor Labs MCP Server integrates directly with AI coding tools like GitHub Copilot and Cursor to enable developers to find and fix vulnerabilities in AI code on the fly. These new platform capabilities are the starting point in Endor Labs' mission to develop novel security solutions focused on AI applications, code, and agents.

The rise of "vibe coding"

Coding assistants have undoubtedly established themselves as one of the most popular (and profitable) use cases for generative AI. Last year, Google CEO Sundar Pichai famously disclosed during the company's third-quarter earnings call that over 25% of all its new code was now AI-generated. Relatedly, GitHub claims to have data revealing that about 40% of the code committed by GitHub Copilot users is "AI-generated and unmodified", leading to a 55% productivity increase among developers using the assistant.

But while this AI-assisted approach delivers impressive productivity gains, it introduces new security concerns. Research cited by Endor Labs includes studies with the following findings:

  • 62% of AI-generated code suggestions contain design flaws or security vulnerabilities, even when using the latest models.
  • Nearly 30% of AI-generated code snippets include exploitable security flaws.
  • A WSJ article says that over the past two years, GitHub Copilot has been adopted by over 77,000 organizations to increase developer productivity.

Endor Labs claims that most of these organizations lack clear-cut plans to asses or mitigate the potential security impact of incorporating AI coding tools into their workflows. In such a context, Endor Labs' platform emerges as an invaluable tool for AppSec teams looking to "become catalysts for secure AI adoption in their organizations."

New Platform Features

To address the new challenges arising from the widespread use of AI coding assistants, Endor Labs has developed two key capabilities:

  1. AI Security Code Review: This feature employs specialized AI agents to review every pull request, identifying architectural changes that could impact application security posture. Unlike traditional scanning tools, it can detect higher-level security concerns such as modifications to authentication mechanisms, introduction of new API endpoints, or changes to sensitive data handling.
  2. Endor Labs MCP Server: This tool integrates directly with AI coding assistants like GitHub Copilot and Cursor to detect and fix vulnerabilities in AI-generated code before they leave the development environment. It provides real-time security insights and remediation guidance directly within developers' coding workflows.

Platform Architecture

Another key element of Endor Labs' platform is its deep intelligence about the open-source code used to train most current foundation models. In developing its platform, Endor Labs has created a comprehensive data foundation that includes:

  • An annotated vulnerability database with precise line-level annotations across millions of packages
  • A function index comprising billions of functions across 4.5 million open source projects and libraries, covering every major programming language. This enables tracing execution calls rather than simply tracking dependencies.
  • A collection of over 500 million vector embeddings that enables Endor Labs to detect code reuse or transformation.

The AI Security Code Review feature will be available to Endor Labs customers in May 2025. Additionally, the company plans to add new capabilities to its platform in the coming months.